
Roskomnadzor, Russia’s internet regulator, decided to end its blogger registry because it has become inefficient. In 2014, Russia passed a regulation requiring bloggers to register so that their blogs could be monitored for content deemed illegal. The regulation’s intent was to eliminate anonymous blogging and to curtail libel and defamation, but bloggers believed “the goal [was] to kill off the political blogosphere,” according to a popular anti-Putin blogger.

Citing a worry over “cyber vulnerabilities,” the U.S. Army this week ordered that all drones built by China-based DJI, the world’s biggest drone maker, be immediately removed from Army service. The order comes following a classified study of the issue completed in May by the Army Research Laboratory, and the simultaneous release of a Navy memorandum titled “Operational Risks with Regards to DJI Family of Products.”

He says NASA and the Department of Energy have already stopped using DJI products. When Egan looked into why, he says they weren’t allowed to use the drones “because they are Chinese.”

3. Common Password Use
Remediation: User education, increase default password length requirement from 8 to 12+, and add simple password brute-forcing as part of your vulnerability management program to check for weak or known passwords.

4. Enforce SMB Signing for Servers and Workstations
Remediation: Force SMB signing for all domain-joined computers.

5. No LAPS
Remediation: Deploy LAPS, which rotates and stores the local administrator password in the domain controller.

7. Remove Stored Passwords in Group Policy Preferences (GPP)
Remediation: Review your group policy preferences and ensure no passwords are used or stored.

8. Default User/Pass In Use
Remediation: Know what you have deployed on the network, and verify that no system is set up to use its default credentials.

9. Not Using MFA for Remote Access, or to Sensitive Networks
Remediation: Deploy multi-factor authentication at minimum for all remote access solutions and all cases where a security boundary is being crossed.

10. Non-Segmented Legacy Hardware & Software
Remediation: If you’ve seen “Silence of the Lambs”, think Hannibal Lecter in his cell, in a straitjacket… wearing a mask.
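
One way to carry out the review in item 7, as an added example that is not from the original post: it walks a SYSVOL share (or a copy of it) and reports every Group Policy Preferences XML element with a non-empty `cpassword` attribute, without returning the stored value. The function names, the sample tree and its values are constructed for illustration.

```python
import os
import tempfile
import xml.etree.ElementTree as ET


def find_gpp_passwords(root):
    """Return one finding per GPP element that carries a non-empty cpassword.

    The stored value is never returned or printed, only where it lives.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".xml"):
                continue
            path = os.path.join(dirpath, name)
            try:
                tree = ET.parse(path)
            except ET.ParseError:
                # Damaged file: fall back to a raw search so it is not skipped.
                with open(path, "rb") as fh:
                    if b"cpassword=" in fh.read():
                        findings.append({"file": path, "account": None, "parsed": False})
                continue
            for elem in tree.iter():
                if elem.get("cpassword"):  # an empty string means nothing is stored
                    # Attribute names that commonly hold the account in GPP files.
                    account = elem.get("userName") or elem.get("accountName") or elem.get("runAs")
                    findings.append({"file": path, "account": account, "parsed": True})
    return findings


def build_sample_sysvol(base):
    """Constructed sample tree; the GUID folder and all values are placeholders."""
    samples = {
        "Groups/Groups.xml": '<Groups><User name="localadmin"><Properties action="U" '
                             'cpassword="CONSTRUCTED-PLACEHOLDER" userName="localadmin"/></User></Groups>',
        "Drives/Drives.xml": '<Drives><Drive name="S:"><Properties cpassword="" userName=""/></Drive></Drives>',
        # Deliberately truncated to exercise the fallback path.
        "Services/Services.xml": '<NTServices><NTService><Properties cpassword="X" accountName="svc"',
    }
    for rel, body in samples.items():
        path = os.path.join(base, "Policies", "{PLACEHOLDER-GUID}", "Machine", "Preferences", rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_sysvol(tmp)
        for f in find_gpp_passwords(tmp):
            print(f["account"] or "(unparsed file)", "->", f["file"])
```

Any account the scan reports should have its preference item removed and its password changed, since the value has been readable by anyone with access to the share.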